Secure Computing Provides Zero-Hour Protection

Secure Computing Corporation announced that customers using the Sidewinder G2 Security Appliance and SmartFilter Web filter are protected from the new forms of the Windows MetaFile (WMF) vulnerability because of Secure Computing's multilayered, defense-in-depth security architecture.

US-CERT advisory TA05-362A describes a Microsoft Windows MetaFile handling buffer overflow vulnerability that exploits a feature of Windows used to process image files. This vulnerability is particularly worrisome because it could allow a hacker to take complete control of an unpatched Windows computer after a user has unwittingly visited a rogue Web site that contains a maliciously crafted WMF image. Microsoft has issued a patch for the vulnerability, but within days of the release of the patch, the security forum Bugtraq issued advisory 16167 (,which documents two new variants of the vulnerability not covered by the latest security patches.

Fortunately, Secure Computing offers many strong protections from the WMF vulnerabilities. Customers who deploy a defense-in-depth strategy by using the Sidewinder G2 Security Appliance with both the Sophos anti-virus and SmartFilter UTM components can achieve the highest level of protection. Sidewinder G2 customers can block most of the attack vectors of the WMF vulnerability by configuring their systems using customized Application Defenses, filtering for WMF virus signatures using the on-box Sophos anti-virus engine, and filtering all outbound URL requests with SmartFilter.

Secure Computing's SmartFilter URL filtering solution is also available on a variety of third-party platforms, including appliances, firewalls, caching devices, and proxy servers.

Secure Computing's proprietary analysis tools to aggressively identify and catalogue numerous URLs known to be distribution points for this exploit and are adding more every hour. The database updates, adding to the SmartFilter 'malicious sites' category, are then automatically downloaded to SmartFilter customers, providing updated, real-time protection. Secure Computing's comprehensive database of millions of URLs is organized into over 70 categories. Secure Computing uses a combination of advanced technologies and a team of highly skilled analysts to quickly categorize and add URLs to its database and provide protections against such threats as the WMF.

write your comments about the article :: 2006 Computing News :: home page